Re: [Exim] DOS problem (?)

Góra strony
Delete this message
Reply to this message
Autor: Chris Edwards
Data:  
Dla: exim-users
Temat: Re: [Exim] DOS problem (?)
On Fri, 5 Sep 2003, Alun wrote:

| --

|
| Dear all,

|
| As of Monday, we have (finally!) been running Exim 4. I have to say I'm well
| impressed with the ACL stuff - a lot of the hacks we had to do cunning stuff
| under Exim 3 have just turned into simple ACL rules. Neat!

|
| However...

|
| Yesterday afternoon, we were hit hard by a single machine trying to
| establish connections at the rate of around 22 per second sustained. I
| already had:

|
| smtp_accept_max = 200
| smtp_accept_max_per_host = 10

|
| and it appeared to be working to some degree:

|
| 2003-09-04 14:45:13 Connection from XXX.XXX.XX.X refused: too many
| connections


That's interesting.

When our "smtp_accept_max" is exceeded, exim logs:

Connection from 130.209.16.11 refused: too many connections

When our "smtp_accept_max_per_host" is exceeded, exim logs:

Connection from 130.209.16.11 refused: too many connections from that IP address

Note the "from that IP address" bit. This implies its your
smtp_accept_max limit that was being reached. Any idea how many
connections were active ? What did "exiwhat" return ?


--
Chris Edwards, Glasgow University Computing Service